There are tradeoffs in both directions.
Personally I think administrative simplicity wins over security through
obscurity, so I recommend each organization pick a random pair of static
addresses and use those two addresses for all of their point to point links.
e.g. If your prefix for a given link is 2001:db8:xxxx:yyyy::/64, and you
randomly choose the suffixes dead:beef:cafe:babe and dead:beef:cafe:feed as
your end-point addresses, then the links would be numbered
2001:db8:xxxx:yyyy:dead:beef:cafe:{babe,feed}.
YMMV and I don't recommend using my examples in practice.
Owen
> On Jan 29, 2014, at 12:35 PM, Philip Lavine <[email protected]> wrote:
>
>
>
>
> Is it best practice to have the internet facing BGP router's peering ip (or
> for that matter any key gateway or security appliance) use a statically
> configured address or use EUI-64 auto config?
>
> I have seen comments on both sides and am leaning to EUI-64 (except for the
> VIP's like the ASA's failover ip )
>
> -Philip
